So, I want to encrypt my files with Cryptomator before they go to my cloud-based backup service. Let’s say I use Dropbox.

So I know I create a Cryptomator vault and give the location as a folder in Dropbox.

I can’t see that Vault until I open it in Cryptomator, right? This means I can’t add anything to that Vault unless it’s open on my machine. As it’s open, I’m assuming that the data I’m adding is unencrypted until I close the Vault?

Let’s say I add a plain text file to an open Vault.

So, at what point does Dropbox upload that file? Is it the minute it’s added to the Dropbox environment? Because that would mean it’s unencrypted.

Or is it not uploaded until the moment the Cryptomator vault is closed? Because that would mean I’d either have to leave the Vault open the entire time I was on my device and possibly have to do one (potentially) big upload at the end of the day maybe, or keep opening and closing the Vault every time I wanted to work with the Vault (edit an existing document, add a new one, delete one etc).

Or have I misunderstood the process? I hope so because it either sounds not very secure or not very usable.

  • constantreadarr@lemmy.dbzer0.com (OP) · 9 hours ago

    Thanks for your answers :)

    > because the files are encrypted already

    So it’s the case then that the minute I add/amend a file to a Cryptomator Vault it’s encrypted immediately? Not when the Vault is closed? Because you then say:

    > It’s like: open Cryptomator as fake drive -> drag and drop file -> it is encrypted and then saved -> Dropbox sees change -> encrypted file is sent.

    Which tends to indicate the opposite - that the encryption only occurs when the Vault is saved/closed.

    I guess I’m confused about Vaults. Are you saying Cryptomator stores the Vault until the moment it’s closed/encrypted and only then moves those encrypted files to Dropbox?

    > I know it’s a privacy community, but what’s wrong with leaving the vault open in the background?

    Well, because the upload only happens when the Vault is closed (I think?) and seeing that Dropbox/OneDrive users’ (whom Cryptomator specifically targets) normal expectation is that files are uploaded immediately, I think it’s worth them understanding that that’s not what happens.

    So I have about 2 GB of various files that I back up to an external drive using a bash script that detects changes and makes a copy and moves it, but I’d also like to have a backup offsite copy. If I used Dropbox or OneDrive or whatever, my expectation - because it doesn’t seem to claim otherwise in Cryptomator’s documentation - would be that it does that same thing, but now encrypted. If that’s wrong, as seems to be the case, people should be made aware of that, don’t you think?

    • heavydust@sh.itjust.works · 8 hours ago

      The files are encrypted in the RAM of the computer and stored immediately, you can see the changes in your Dropbox folder where they are stored (encrypted).

      > the upload only happens when the Vault is closed (I think?)

      There is no vault with Cryptomator! Yeah, it’s annoying and I understand your concerns now. They call it that but it’s only a background service that encrypts files when you copy them in the virtual folder (of Cryptomator, not Dropbox). What they call the vault is that service, but the files are there and you can see them with their names scrambled in the real directory of Dropbox.

      The upload happens when Dropbox sees a change in its own directory. For example, you copy “hentai.png” in Cryptomator, Cryptomator will encrypt and save it to the local Dropbox as “aiernstaernst.xyz” and then the Dropbox service will see that “aiernstaernst.xyz” has changed and will upload it immediately (or maybe with a few seconds of difference but we can’t know this).

      On Windows you would have: F:\Vault\hentai.png linked to C:\User\Dropbox\aiernstaernst.xyz. Cryptomator shows you the fake F:\Vault drive when it’s running (the so-called vault) while Dropbox only sees C:\User\Dropbox.

      > I backup to an external drive using a bash script

      As long as your bash script copies the files to the Cryptomator directory, they will be encrypted before being stored as this service acts as a fake driver pointing to your Dropbox directory. But I agree that the term “vault” is really confusing. It’s only a fake hard drive that detects copies and modifications, and encrypts and decrypts files in that fake drive, which is linked to the real Dropbox drive that only sees scrambled content.

      It’s a neutral process that only stores files wherever you want; it’s independent of any cloud or solution. You can even use it with a USB key without any cloud at all. I happen to use Veracrypt for my weekly backups (emails, some texts) but I could replace all that with Cryptomator and I’m sure it would be easier since I wouldn’t have to change one big 2GB file every time.
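
A way to check the flow described in the comment above on your own machine, added here as an example (it is not part of the original comment and not Cryptomator's code): the script walks the directory the sync client watches and flags any file that still looks like plaintext, either by a recognised file signature or by low byte entropy. The function names, the thresholds and the constructed sample files are assumptions made for the illustration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Leading bytes of a few common unencrypted formats (non-exhaustive).
MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip/office",
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ciphertext approaches 8.0, plain text sits far lower."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_plaintext(path: Path, min_size: int = 1024, threshold: float = 7.5):
    """Return a reason string if the file looks unencrypted, else None."""
    with path.open("rb") as fh:
        head = fh.read(65536)
    for magic, name in MAGIC.items():
        if head.startswith(magic):
            return f"{name} signature"
    if len(head) < min_size:
        return None  # too short for an entropy estimate to mean anything
    e = shannon_entropy(head)
    return f"low entropy ({e:.2f} bits/byte)" if e < threshold else None

def audit_sync_folder(root: str) -> dict:
    """Map relative path -> reason for every suspicious file under root."""
    findings = {}
    for p in sorted(Path(root).rglob("*")):
        if p.is_file():
            reason = looks_plaintext(p)
            if reason:
                findings[str(p.relative_to(root))] = reason
    return findings

def demo() -> dict:
    """Constructed sample: random bytes stand in for an encrypted file."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "aiernstaernst.xyz").write_bytes(os.urandom(4096))
        Path(d, "notes.txt").write_bytes(b"meeting notes, not encrypted\n" * 100)
        Path(d, "scan.png").write_bytes(b"\x89PNG\r\n\x1a\n" + os.urandom(4096))
        return audit_sync_folder(d)

if __name__ == "__main__":
    for name, why in demo().items():
        print(f"{name}: {why}")
```

Compressed formats without a listed signature also have high entropy, so an empty result is a sanity check on the sync folder rather than proof of encryption.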

      • constantreadarr@lemmy.dbzer0.com (OP) · 8 hours ago

        Thanks very much for the time you’ve taken to explain this to me, I really appreciate it :)

        So, just to recap so I’m sure I’ve understood…

        1. I drop a file into an open Vault (which is really a service which runs in an allocated part of RAM) and it gets encrypted immediately
        2. That encrypted file is then placed into Dropbox immediately? Or is the file placed there when the ‘Vault’ is saved/closed?

        • heavydust@sh.itjust.works · 7 hours ago

          Yes, the encrypted file is then placed immediately into the local Dropbox folder. Once again it’s all very confusing but if I can sum that up, Cryptomator is not there to sync things, it’s only there to show you a virtual hard drive.

          • constantreadarr@lemmy.dbzer0.com (OP) · 6 hours ago

            Sure, I get that :) I’m not thinking that Cryptomator should be responsible for the syncing of anything but I was unclear at what point in the process the encrypted file would be uploaded. Now obviously that will vary depending on the sync service you use but the important point (for me) was when the file was encrypted and moved, i.e. immediately or when the Vault was saved/closed.

            Thanks again to you for the explanation, I feel I understand the process much better now :)